<?PHP
//session_start();
//if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
	//header ("Location: login.php");
//}

//set the session variable to 1, if the user signs up. That way, they can use the site straight away
//do you want to send the user a confirmation email?
//does the user need to validate an email address, before they can use the site?
//do you want to display a message for the user that a particular username is already taken?
//test to see if the u and p are long enough
//you might also want to test if the user is already logged in. That way, they can't sign up repeatedly without closing the browser
//other login methods - set a cookie, and read that back for every page
//collect other information: date and time of login, ip address, etc
//don't store passwords in plain text: hash them before saving (encryption alone is reversible)
// Page state shared by the POST handler and the HTML template further down.
$fcomid = $femail = "";            // submitted company ID and email
$errorMessage = $yayMessage = "";  // messages echoed in the page header
$num_rows = 0;                     // row count of the member lookup

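/**
 * Prepare a request value for a MySQL statement that is built by string concatenation.
 *
 * The value is un-slashed when magic quotes are active, escaped with
 * mysql_real_escape_string() for the given connection, and wrapped in single quotes.
 *
 * Every value is quoted, including numeric-looking ones. is_numeric() accepts more than
 * plain digits (exponent notation, and hexadecimal strings on older PHP versions), and
 * MySQL parses those as literals of its own when they are left bare, so nothing taken
 * from the request is placed in the statement unquoted.
 *
 * NOTE(review): the escaping is only reliable when the connection character set is the
 * one mysql_real_escape_string() assumes (set it with mysql_set_charset()). Prepared
 * statements (mysqli or PDO) remove this class of problem and should replace this helper
 * when the mysql_* extension is retired.
 *
 * @param string   $value  Raw value, typically taken from $_POST.
 * @param resource $handle Open MySQL link as returned by mysql_connect().
 * @return string The escaped value wrapped in single quotes.
 */
function quote_smart($value, $handle) {

   // With magic quotes on, PHP has already added backslashes; remove them so the
   // value is escaped exactly once below.
   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }

   return "'" . mysql_real_escape_string((string) $value, $handle) . "'";
}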

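// Password-reset request handler: looks up the member by email and company ID, replaces the
// stored password with a freshly generated temporary one and hands over to emailtemppass.php.
//
// NOTE(review): the reset takes effect as soon as the form is posted, before the mailbox owner
// has confirmed anything, so anyone who knows an email/company ID pair can invalidate that
// member's current password. A single-use, expiring token sent by email (with the password
// changed only after the token is presented) and request throttling would close this.
if ($_SERVER['REQUEST_METHOD'] == 'POST'){

	//====================================================================
	//	GET THE SUBMITTED COMPANY ID AND EMAIL
	//====================================================================
	// A missing field or an array-valued field (comid[]=...) is treated as an empty string so
	// that htmlspecialchars() and the SQL helper below always receive a string.
	$fcomid = (isset($_POST['comid']) && is_string($_POST['comid'])) ? $_POST['comid'] : "";
	$femail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : "";

	// htmlspecialchars() only makes the values safe to echo back into the page. It is not SQL
	// escaping; every value that reaches a statement below goes through quote_smart() as well.
	$fcomid = htmlspecialchars($fcomid);
	$femail = htmlspecialchars($femail);

	//====================================================================
	//	CHECK TO SEE IF THE VALUES ARE OF THE CORRECT LENGTH
	//	A MALICIOUS USER MIGHT TRY TO PASS A STRING THAT IS TOO LONG
	//	if no errors occur, then $errorMessage will be blank
	//====================================================================
	// NOTE(review): no length check is implemented yet; $errorMessage is still blank here.

	//====================================================================
	//	Write to the database
	//====================================================================
	if ($errorMessage == "") {

		require 'config.php';

		$db_handle = mysql_connect($server, $user_name, $pass_word);
		// Only select the database when the connection succeeded.
		$db_found = $db_handle ? mysql_select_db($database, $db_handle) : false;

		if ($db_found) {

			// $femail is overwritten with its quoted form, as before. $fcomid keeps its
			// display form for the error message, so its SQL form gets a separate variable.
			$femail = quote_smart($femail, $db_handle);
			$fcomidSql = quote_smart($fcomid, $db_handle);

			//====================================================================
			//	CHECK THAT THE EMAIL EXISTS UNDER THIS COMPANY ID
			//====================================================================
			$SQL = "SELECT * FROM members WHERE email = $femail AND comid = $fcomidSql ";

			$result = mysql_query($SQL, $db_handle);
			// mysql_query() returns false on failure; do not pass that to mysql_num_rows().
			$num_rows = $result ? mysql_num_rows($result) : 0;

			if (!$result) {
				$errorMessage = "The password could not be reset";
			}
			elseif ($num_rows == 0) {
				// NOTE(review): this message tells the requester whether an address is
				// registered; a neutral "if the account exists, an email has been sent"
				// response avoids confirming accounts to a stranger.
				$errorMessage = "That email could not be found under companyID ".$fcomid;
			}
			else {
				// Generate the temporary 5-character password. A cryptographic generator is
				// used when the runtime offers one: md5(microtime()) is derived from the
				// clock and rand() is not meant for secrets.
				$unhash = "";
				if (function_exists('random_bytes')) {
					$unhash = substr(bin2hex(random_bytes(3)), 0, 5);
				}
				elseif (function_exists('openssl_random_pseudo_bytes')) {
					$unhash = substr(bin2hex((string) openssl_random_pseudo_bytes(3)), 0, 5);
				}
				// Fall back to the original generator rather than ever storing an empty password.
				if (strlen((string) $unhash) != 5) {
					$unhash = substr(md5(microtime()),rand(0,26),5);
				}

				// NOTE(review): five hex characters is a small search space, and an unsalted
				// md5() digest is a weak way to store a password. The format is kept because
				// the login code that verifies it is not visible here; moving to
				// password_hash()/password_verify() has to be done on both sides together.
				$newmd5pass = md5($unhash);
				$SQL2 = "UPDATE  members SET  password =  '$newmd5pass' WHERE  email = $femail AND comid = $fcomidSql LIMIT 1 ;";

				if ($result2 = mysql_query($SQL2, $db_handle)) {
					// START EMAILING
					require 'emailtemppass.php';
				}
				else {
					$errorMessage = "The password could not be reset";
				}
			}

			// Close the link on every path, not only after a successful lookup.
			mysql_close($db_handle);

		}
		else {
			$errorMessage = "Database Not Found";
		}

	}

}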


?>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="initial-scale=1.0, user-scalable=no">
  <meta name="apple-mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black">
  <title>iPetty Password Request</title>
  
  
  
  <link rel="stylesheet" href="/jquery/style.css">
  
  <!-- Extra Codiqa features -->
  <link rel="stylesheet" href="codiqa.ext.css"><style type="text/css">

  </style>
  <link href="styling.css" rel="stylesheet" type="text/css">
  <!-- jQuery and jQuery Mobile -->
  <script src="https://d10ajoocuyu32n.cloudfront.net/jquery-1.9.1.min.js"></script>
  <script src="https://d10ajoocuyu32n.cloudfront.net/mobile/1.3.1/jquery.mobile-1.3.1.min.js"></script>

  <!-- Extra Codiqa features -->
  <script src="https://d10ajoocuyu32n.cloudfront.net/codiqa.ext.js"></script>
   
   
</head>
<body>
<!-- Home -->
<div data-role="page" id="page1">
    <div data-theme="a" data-role="header">
        <h3>
            iPetty Password Request
        </h3>
    </div>
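    <h4 align="center" style="color:#F00"><?php
        // Full php open tags are used because the short form is only parsed when
        // short_open_tag is enabled; with it disabled the echo statement itself would be
        // sent to the browser as literal text.
        // NOTE(review): the messages are echoed as-is. In this file $errorMessage holds only
        // fixed text plus the htmlspecialchars()-escaped company ID; anything assigned to
        // either message by emailtemppass.php is not visible here and must be escaped there.
        echo $errorMessage;
    ?> </h4>
    <h4 align="center" style="color:#0C3"><?php echo $yayMessage; ?> </h4>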
    <div data-role="content">
   <FORM NAME ="formilate" METHOD ="POST" ACTION ="iforget.php" id="ifor">

<div data-role="fieldcontain">

            <input name="comid" id="comid" placeholder="Company ID" value="" type="text" required class="number">
        </div>
        <div data-role="fieldcontain">

            <input name="email" id="email" placeholder="Email" value="" type="email" required class="email">
        </div>

        <INPUT TYPE = "Submit" Name = "Submit1"  VALUE = "Request Password">


</FORM>
<script src="jquery.validate.js"></script>
<script>
$("#ifor").validate();
</script>
    </div>

   <strong><p align="center"> If you already have an account, please <a href="index.php">login</a>, if not, please <a href="register.php">register</a></p></strong>
</div>
</body>
</html>
